vmcompute[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vmcompute.exe
Size

3.1MB
MD5

273daeee7d949f1434ae44eaadf613fa
SHA1

9bc3798a14e98a8d4c20bb94e9094bac2627ca12
SHA256

c726133f8bd551431b8b6f0a56cbae518e2f328fcd42f122ae46379a1f4f2edf
SHA512

8341c3045e25f14084ef25ec3430d13607341d7d7c845c9743d6d94b770838ae78ee74802a1a453080c957cc724a09ff9e6e7b8fe8426481f8b6f6f0e597f024
SSDEEP

49152:NSoMgE2xTQ5YTiaJVCJ0wX7+Cl2LyxdBsocwe2g5NvhuCK4A28rkBS+rT3Px2jj8:NSix4aX2qffjv

Score

1^/10

Malware Config

Signatures

Files

vmcompute.exe
.exe windows:10 windows x64 arch:x64

39580031fb8271970db361b5ba7033ff

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:31:9e:fe:f5:1f:91:3d:c2:af:65:db:84:b9:4a:07:1e:3d:86:1d:48:f0:52:60:64:ca:2f:f6:0b:8c:e7:6a
Signer

Actual PE Digest

22:31:9e:fe:f5:1f:91:3d:c2:af:65:db:84:b9:4a:07:1e:3d:86:1d:48:f0:52:60:64:ca:2f:f6:0b:8c:e7:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vmcompute.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
strcmp
wcscmp
wcsnlen
__isascii

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__wcsdup
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtof
_o__wtoi64
_o_abort
_o_calloc
_o_exit
memmove
_o_free
_o_isalpha
_o_isdigit
_o_ispunct
_o_iswalpha
_o_iswspace
_o_iswxdigit
_o_malloc
_o_rand_s
_o_realloc
_o_setlocale
_o_sqrt
_o_terminate
_o_toupper
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstoll
_o_wcstoul
_o_wcstoull
__CxxFrameHandler3
_CxxThrowException
_o__malloc_base
_o__isctype
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_initial_wide_environment
_o__free_base
strchr
wcsstr
wcschr
__AdjustPointer
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__calloc_base
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o___p___wargv
_o___p___argc
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
RevertToSelf
SetSecurityDescriptorDacl
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
InitializeAcl
CreateWellKnownSid
GetSecurityDescriptorDacl
DuplicateTokenEx
DuplicateToken
GetSecurityDescriptorControl
CopySid
GetTokenInformation
ImpersonateSelf
GetAce
CreatePrivateObjectSecurityWithMultipleInheritance
IsValidSid
SetPrivateObjectSecurityEx
AddAccessAllowedAce
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
MakeSelfRelativeSD
MakeAbsoluteSD
GetSecurityDescriptorLength
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
SetSecurityDescriptorOwner

api-ms-win-core-libraryloader-l1-2-0

LoadResource
LoadStringW
LockResource
FindResourceExW
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

SetEvent
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
LeaveCriticalSection
CreateEventW
CreateMutexExW
ReleaseSemaphore
ReleaseMutex
AcquireSRWLockShared
CreateEventExW
TryAcquireSRWLockExclusive
WaitForSingleObject
ResetEvent
InitializeCriticalSectionEx
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
Sleep
SleepConditionVariableCS
WakeByAddressAll
WaitOnAddress
InitOnceExecuteOnce
SleepConditionVariableSRW
InitOnceComplete
InitializeConditionVariable
WakeConditionVariable
InitOnceBeginInitialize
WakeAllConditionVariable

api-ms-win-core-heap-l1-1-0

HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsFree
GetCurrentProcess
OpenThreadToken
GetCurrentThread
GetExitCodeProcess
SetThreadToken
OpenProcessToken
GetProcessId
CreateProcessAsUserW
CreateThread
GetCurrentThreadId
TlsSetValue
ResumeThread
GetCurrentProcessId
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
TlsAlloc
TerminateProcess

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
DeleteService
OpenServiceW
OpenSCManagerW
CreateServiceW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCaptureStackBackTrace
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlVirtualUnwind

ntdll

NtCreateEvent
RtlFreeHeap
RtlAllocateHeap
NtQuerySystemInformationEx
RtlNumberOfSetBitsEx
NtQueryInformationJobObject
NtCreateNamedPipeFile
NtOpenFile
RtlConvertDeviceFamilyInfoToString
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
NtOpenSymbolicLinkObject
NtSetInformationJobObject
NtQuerySymbolicLinkObject
RtlInitUnicodeString
NtCreateJobObject
NtSetInformationSymbolicLink
NtTerminateJobObject
NtOpenJobObject
NtCreateSymbolicLinkObject
NtMakeTemporaryObject
NtQuerySystemInformation
RtlUpcaseUnicodeChar
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtQueryInformationProcess
NtMakePermanentObject
NtCreateDirectoryObject
NtFsControlFile
NtCreateFile
NtOpenPartition
NtCreatePartition
NtManagePartition
RtlReleasePrivilege
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlAcquirePrivilege
NtDeviceIoControlFile
RtlNtStatusToDosError
NtQueryVolumeInformationFile
RtlInitializeBitMapEx

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoDisconnectObject
CoEnableCallCancellation
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoCancelCall
CoDisableCallCancellation

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventWriteEx
EventEnabled
EventWrite
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegDeleteTreeW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-threadpool-l1-2-0

CancelThreadpoolIo
CloseThreadpool
StartThreadpoolIo
CallbackMayRunLong
CreateThreadpoolWork
CloseThreadpoolIo
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
TrySubmitThreadpoolCallback
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolIo
SubmitThreadpoolWork
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolIoCallbacks
SetThreadpoolThreadMaximum
CreateThreadpoolWait

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCServerShareW
PathFindExtensionW
PathIsUNCServerW
PathSkipRootW
PathIsRelativeW
PathRemoveFileSpecW
PathFileExistsW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetVersionExW
GetSystemDirectoryW
GetLogicalProcessorInformationEx
GetSystemTimeAsFileTime
GetSystemInfo

rpcrt4

UuidCreate
RpcBindingFromStringBindingW
RpcServerUnregisterIf
NdrClientCall3
RpcServerInqBindings
UuidFromStringW
RpcServerInqCallAttributesW
RpcBindingFree
RpcExceptionFilter
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingVectorFree
RpcServerUseProtseqW
RpcEpRegisterW
RpcEpUnregister
UuidCompare
NdrServerCallAll
NdrServerCall2
RpcServerRegisterIf3

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList

vmsif

VmsIfPortDelete
VmsIfMemFree
VmsIfDriverOpen
VmsIfSwitchEnumerate
VmsIfPortCreate
VmsIfDriverClose
VmsIfPortSetSecurityInfo

netsetupapi

NetSetupFreeObjects
NetSetupClose
NetSetupGetObjectProperties
NetSetupGetObjects
NetSetupFreeObjectProperties
NetSetupInitialize

combase

ord139

hvsocket

GetHvSocketParentAddress
GetHvSocketLocalAddress

wevtapi

EvtClose
EvtFormatMessage
EvtOpenPublisherEnum
EvtNextPublisherId
EvtOpenPublisherMetadata
EvtGetPublisherMetadataProperty

api-ms-win-crt-locale-l1-1-0

_lock_locales
_unlock_locales

api-ms-win-core-file-l1-1-0

GetFileSizeEx
FindFirstVolumeW
ReadFile
GetFileAttributesW
WriteFile
DeleteFileW
FindVolumeClose
SetEndOfFile
GetFinalPathNameByHandleW
CompareFileTime
UnlockFileEx
GetDiskFreeSpaceW
GetVolumePathNameW
SetFileAttributesW
FindNextVolumeW
GetFileTime
SetFilePointerEx
CreateDirectoryW
SetFileTime
LockFileEx
CreateFileW
FlushFileBuffers
QueryDosDeviceW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-path-l1-1-0

PathCchCombineEx
PathAllocCombine
PathCchAddBackslash
PathCchSkipRoot

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash

iphlpapi

GetJobCompartmentId
SetJobCompartmentId

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Register_Notification
CM_MapCrToWin32Err
CM_Get_Device_ID_List_SizeW
CM_Open_DevNode_Key
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Unregister_Notification

xmllite

CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName
CreateXmlReader
CreateXmlWriter

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

mpr

WNetGetResourceInformationW

api-ms-win-core-job-l2-1-0

SetInformationJobObject
QueryInformationJobObject
CreateJobObjectW

api-ms-win-core-file-l2-1-0

CopyFile2
GetFileInformationByHandleEx

oleaut32

SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
VariantInit
SafeArrayCopy
SafeArrayGetVartype
SafeArrayPutElement
VariantCopy
SafeArrayCreateVectorEx
SysAllocStringLen
SafeArrayCreateVector
SysFreeString
VariantChangeType
SysStringByteLen
SysAllocString
VariantClear
SysAllocStringByteLen
SafeArrayGetUBound

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
CompareStringEx
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-security-systemfunctions-l1-1-0

SystemFunction036

api-ms-win-core-io-l1-1-0

DeviceIoControl
CancelIoEx
GetOverlappedResult

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW

api-ms-win-core-sysinfo-l1-2-1

DnsHostnameToComputerNameExW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

cfgmgr32

CM_Enumerate_Classes

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW

api-ms-win-security-lsapolicy-l1-1-0

LsaAddAccountRights
LsaOpenPolicy
LsaClose

api-ms-win-security-lsalookup-l2-1-1

LsaManageSidNameMapping

userenv

DeleteAppContainerProfile

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber

api-ms-win-core-kernel32-legacy-l1-1-1

GetNumaProcessorNodeEx
GetNumaAvailableMemoryNodeEx

fltlib

FilterInstanceCreate
FilterConnectCommunicationPort
FilterSendMessage
FilterInstanceClose
FilterAttach
FilterLoad

api-ms-win-core-kernel32-legacy-l1-1-0

SetFileCompletionNotificationModes

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-perfcounters-l1-1-0

PerfSetCounterSetInfo
PerfSetULongCounterValue
PerfStopProvider
PerfStartProvider
PerfCreateInstance
PerfDeleteInstance
PerfSetULongLongCounterValue

ws2_32

setsockopt
htons
WSARecv
WSAStartup
WSAGetLastError
bind
inet_pton
WSASocketW
listen
shutdown
WSACleanup
WSASend
closesocket
WSAIoctl

api-ms-win-core-libraryloader-l2-1-0

QueryOptionalDelayLoadedAPI

api-ms-win-core-io-l1-1-1

GetOverlappedResultEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

ORCloseHive
ORCloseKey
ORCreateHive
ORCreateHiveEx
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORFlushHive
ORGetKeySecurity
ORGetValue
ORGetVirtualFlags
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORQueryInfoKeyEx
ORQueryInfoKeyValueEx
ORRenameKey
ORSaveHive
ORSaveHiveEx
ORSaveHiveToHandle
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 669KB - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39580031fb8271970db361b5ba7033ff

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

22:31:9e:fe:f5:1f:91:3d:c2:af:65:db:84:b9:4a:07:1e:3d:86:1d:48:f0:52:60:64:ca:2f:f6:0b:8c:e7:6aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

ntdll

api-ms-win-core-com-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-handle-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

rpcrt4

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

vmsif

netsetupapi

combase

hvsocket

wevtapi

api-ms-win-crt-locale-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-path-l1-1-0

bcrypt

iphlpapi

api-ms-win-devices-config-l1-1-1

xmllite

api-ms-win-core-processenvironment-l1-1-0

mpr

api-ms-win-core-job-l2-1-0

api-ms-win-core-file-l2-1-0

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-security-systemfunctions-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-synch-l1-2-1

cfgmgr32

api-ms-win-core-file-l1-2-0

api-ms-win-security-lsapolicy-l1-1-0

api-ms-win-security-lsalookup-l2-1-1

userenv

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

22:31:9e:fe:f5:1f:91:3d:c2:af:65:db:84:b9:4a:07:1e:3d:86:1d:48:f0:52:60:64:ca:2f:f6:0b:8c:e7:6a
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

PAGE
Size: 10KB - Virtual size: 10KB

.rdata
Size: 669KB - Virtual size: 669KB

.data
Size: 97KB - Virtual size: 145KB

.pdata
Size: 96KB - Virtual size: 95KB

.didat
Size: 1024B - Virtual size: 528B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 25KB